Emmanuel Bourg

Reopening, I have to document this.

Do you have an example of .bin or .rom file? If they are PE based like EFI bios they should already be supported by Jsign.

@isagargit I've been unable to find any information about signed bin/rom files, could you please provide an example or some references?

ELF binaries are usually for Linux. There is no a canonical way to sign these files. There were experiments like [signelf](https://sourceforge.net/projects/signelf/) and [DigSig](https://disec.sourceforge.net/) but none really took off (see https://stackoverflow.com/questions/1732927/signed-executables-under-linux...

The version 1.4.16 on Maven Central was compiled on 2020-06-30, so assuming the release was done on the main branch the closest commit would be 2402c32bb4e5a13d5d8a045a47f8095605dd6535

Thank you for reporting this issue. What is the version of the Yubikey firmware? Does it work better if you install the [Yubico PIV Tool](https://developers.yubico.com/yubico-piv-tool/) and use `--storetype YUBIKEY` instead...

There is something weird with the slot 9A, the algorithm of the private key (ECCP256) doesn't match the algorithm of the public key (ECCP384). How did you load the private...

> My only thought was that if jsign caught this exception in a meaningful way and describe what was happening that may help. If there was a bad cert in...

I'm not sure the AWS REST API accepts the aliases directly. If it doesn't we have to figure out how to convert the alias into a key id.

https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html#KMS-Sign-request-KeyId > **KeyId** > > Identifies an asymmetric KMS key. AWS KMS uses the private key in the asymmetric KMS key to sign the message. The KeyUsage type of the...